On Tue, Mar 8, 2011 at 10:01 PM, John R Pierce <pierce at hogranch.com> wrote: > On 03/08/11 11:47 AM, m.roth at 5-cent.us wrote: >> >> Yup. Last time I saw a story about someone hanging an unprotected Windows >> box on the 'Net, late last year, I think, it was down from 12 min to 5 min >> before it was attacked. > > and how long after you connect a 'nix box before worms start port > knocking on ssh trying stupid combinations of user/pass over and over? > I see a couple 1000 of those a day > > Mar 8 11:41:25 freescruz sshd[28012]: Failed password for daemon from > 200.201.20.21 port 49462 ssh2 > Mar 8 11:41:29 freescruz sshd[28026]: Failed password for adm from > 200.201.20.21 port 49869 ssh2 > Mar 8 11:41:32 freescruz sshd[28038]: Failed password for invalid user > quark from 200.201.20.21 port 50352 ssh2 > Mar 8 11:41:36 freescruz sshd[28048]: Failed password for invalid user > sys from 200.201.20.21 port 50811 ssh2 > Mar 8 11:41:40 freescruz sshd[28055]: Failed password for invalid user > liyiduo from 200.201.20.21 port 50984 ssh2 > Mar 8 11:41:44 freescruz sshd[28061]: Failed password for games from > 200.201.20.21 port 51438 ssh2 > Mar 8 11:41:47 freescruz sshd[28071]: Failed password for mailnull from > 200.201.20.21 port 51927 ssh2 > Mar 8 11:41:52 freescruz sshd[28086]: Failed password for invalid user > backup from 200.201.20.21 port 52095 ssh2 > Mar 8 11:41:55 freescruz sshd[28094]: Failed password for sync from > 200.201.20.21 port 52604 ssh2 > Mar 8 11:41:59 freescruz sshd[28103]: Failed password for shutdown from > 200.201.20.21 port 53016 ssh2 > Mar 8 11:42:03 freescruz sshd[28112]: Failed password for invalid user > libuuid from 200.201.20.21 port 53504 ssh2 > Mar 8 11:42:07 freescruz sshd[28145]: Failed password for invalid user > liudongfeng from 200.201.20.21 port 53999 ssh2 > Mar 8 11:42:10 freescruz sshd[28150]: Failed password for invalid user > aaa from 200.201.20.21 port 54177 ssh2 > Mar 8 11:42:14 freescruz sshd[28160]: Failed password for invalid user > puxiaolong from 200.201.20.21 port 54585 ssh2 > Mar 8 11:42:18 freescruz sshd[28167]: Failed password for invalid user > yuzhakov from 200.201.20.21 port 55084 ssh2 > Mar 8 11:42:22 freescruz sshd[28175]: Failed password for invalid user > Debian-exim from 200.201.20.21 port 55590 ssh2 > Mar 8 11:42:25 freescruz sshd[28183]: Failed password for invalid user > irc from 200.201.20.21 port 55788 ssh2 > Mar 8 11:42:29 freescruz sshd[28190]: Failed password for invalid user > home3 from 200.201.20.21 port 56182 ssh2 > Mar 8 11:42:33 freescruz sshd[28194]: Failed password for invalid user > messagebus from 200.201.20.21 port 32824 ssh2 > Mar 8 11:42:37 freescruz sshd[28203]: Failed password for invalid user > netdump from 200.201.20.21 port 33315 ssh2 > > Which is why you should secure your default Linux installs :) If memory serves me correct, the latest windows 2008 server is very secure by default and you have to jump through many hoops to unsecure it -- Kind Regards Rudi Ahlers SoftDux Website: http://www.SoftDux.com Technical Blog: http://Blog.SoftDux.com Office: 087 805 9573 Cell: 082 554 7532